Cisco packet tracer dasturi ishga tushiriladi.
Laboratoriya ishi uchun cisco 2960 kommutatori, 2911 marshruzatori, ASA0 5505 firewalli, server va kompyuterlar tanlanadi.
Quyida keltirilgan topologiya quriladi.
Qurilgan topologiya testlab ko`riladi.
16.1-rasm. Tadqiq qilinayotgan tarmoq topologiyasi
ASA0 ga quyidagi buyruqlar ketma ketligi kiritiladi.
ciscoasa>en ciscoasa#conf t
ciscoasa#no dhcpd enable inside
ciscoasa#no dhcpd address 192.168.1.5-192.168.1.36 inside ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#ip address 192.168.100.1 255.255.255.0 ciscoasa(config-if)#exit
ciscoasa(config)#dhcpd enable inside
ciscoasa(config)#dhcpd address 192.168.100.22-192.168.100.50 inside ciscoasa(config)#dhcpd dns 8.8.8.8
ciscoasa(config)#interface vlan 2
ciscoasa(config-if)#ip address 195.158.18.18 255.255.255.0
ciscoasa(config-if)#exit
ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 195.158.18.1 ciscoasa(config)#object network NAT
ciscoasa(config-network-object)#subnet 192.168.100.0 255.255.255.0 ciscoasa(config-network-object)#nat (inside,outside) dynamic outside ciscoasa(config-network-object)#exit
ciscoasa(config)#class-map qoida
ciscoasa(config-if)#match default-inspection-traffic ciscoasa(config-if)#exit
ciscoasa(config)#policy-map toplam ciscoasa(config)#class qoida ciscoasa(config)#inspect http ciscoasa(config)#inspect icmp ciscoasa(config)#exit ciscoasa(config)#service-policy toplam global ciscoasa(config)#exit ciscoasa(config)#enable salom
ciscoasa(config)#username admin password tatu123 ciscoasa(config)#hostname ASA ASA(config)#domain-name tatu.uz
ASA(config)#ssh 192.168.100.0 255.255.255.0 inside ASA(config)#aaa authentication ssh console LOCAL ASA(config)#aaa authentication telnet console LOCAL ASA(config)#ssh 8.8.8.8 255.255.255.255 outside
ASA(config)#interface vlan 3
ASA(config-if)#no forward interface vlan 1 ASA(config-if)#nameif DMZ
ASA(config-if)#ip address 192.168.70.1 255.255.255.0 ASA(config-if)#exit
ASA(config)#interface vlan 3
ASA(config-if)#security-level 70 ASA(config-if)#exit ASA(config)#object network DMZ
ASA(config-network-object)#nat (DMZ,outside) static 195.158.18.88 ASA(config-network-object)#exit
ASA#
ASA#conf t
ASA(config)#access-list DMZ permit icmp any host 195.158.18.88 ASA(config)#access-group DMZ in interface outside ASA(config)#access-list DMZ permit tcp any host 195.158.10.88 eq www ASA(config)#end
ROUTERga quyida buyruqlar ketma ketligi kiritiladi.
continue with configuration dialog? [yes/no]: no
Router>enable Router#conf t
Router(config)#interface gigabitEthernet 0/1 Router(config-if)#no shutdown
Router(config-if)#ip address 195.158.18.1 255.255.255.0 Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0 Router(config-if)#no shutdown
Router(config-if)#ip address 8.8.8.1 255.255.255.0 Router(config-if)#do wr
16.2-rasm. Qurilgan topologiyani testlash
Do'stlaringiz bilan baham: |